Over a million private photos from dating apps exposed online
Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists.Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, and LGBT apps Pink, Brish and Translove.These services are used by an estimated 800,000 to 900,000 people.M.A.D Mobile was first warned about the security flaw on 20th January but didn't take action until the BBC emailed on Friday.They have since fixed it but not said how it happened or why they failed to protect the sensitive images.
Ethical hacker Aras Nazarovas from Cybernews first alerted the firm about the security hole after finding the location of the online storage used by the apps by analysing the code that powers the services.He was shocked that he could access the unencrypted and unprotected photos without any password."The first app I investigated was BDSM People, and the first image in the folder was a naked man in his thirties," he said. "As soon as I saw it I realised that this folder should not have been public."The images were not limited to those from profiles, he said – they included pictures which had been sent privately in messages, and even some which had been removed by moderators.
Hacking risk
Mr Nazarovas said the discovery of unprotected sensitive material comes with a significant risk for the platforms' users.Malicious hackers could have found the images and extorted individuals.There is also a risk to those who live in countries hostile to LGBT people.None of the text content of private messages was found to be stored in this way and the images are not labelled with user names or real names, which would make crafting targeted attacks at users more complex.In an email M.A.D Mobile said it was grateful to the researcher for uncovering the vulnerability in the apps to prevent a data breach from occurring. But there's no guarantee that Mr Nazarovas was the only hacker to have found the image stash."We appreciate their work and have already taken the necessary steps to address the issue," a M.A.D Mobile spokesperson said. "An additional update for the apps will be released on the App Store in the coming days."The company did not respond to further questions about where the company is based and why it took months to address the issue after multiple warnings from researchers.Usually security researchers wait until a vulnerability is fixed before publishing an online report, in case it puts users at further risk of attack. But Mr Nazarovas and his team decided to raise the alarm on Thursday while the issue was still live as they were concerned the company was not doing anything to fix it."It's always a difficult decision but we think the public need to know to protect themselves," he said.In 2015 malicious hackers stole a large amount of customer data about users of Ashley Madison, a dating website for married people who wish to cheat on their spouse.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
BBC News
14 hours ago
- BBC News
BBC Learning English - Learning English from the News / North Korean secrets revealed by phone
() ______________________________________________________________________________________________________ ______________________________________________________________________________________________________ The story The BBC has gained access to a North Korean phone which has been smuggled out of the country. The phone doesn't have access to the internet and is designed to make sure its users follow the rules in North Korea, which is closely controlled by its leader Kim Jong-un. The phone creates a screenshot every five minutes, which is used by the country's authorities to watch the user. The phone also has an autocorrect function which changes terms used in South Korea to expressions favoued by the North Korean regime. News headlines Smartphone smuggled out of North Korea shows chilling details implemented by Kim Jong-un's regime LADbible From 'oppa' to comrade: North Korea's phones auto-correct to fit party line India Today This smartphone smuggled out of North Korea is absolutely wild Futurism Key words and phrases chilling frightening I read a chilling story about a ghost and now I can't sleep. party line the official opinion of an organisation, usually political The mayor didn't say anything new in her speech. Just the usual party line. wild strange or unexpected This TV show is wild. I have no idea what's going to happen next. Next Learn more English vocabulary from the news with our News Review archive. Try our podcast The English We Speak to learn more idiomatic language.
The Guardian
20 hours ago
- The Guardian
BBC and Sky bosses criticise plans to let AI firms use copyrighted material
The BBC director general and the boss of Sky have criticised proposals to let tech firms use copyright-protected work without permission, as the government promised that artificial intelligence legislation will not destroy the £125bn creative sector. The creative industry has said that original proposals published in a consultation in February to give AI companies access to creative works unless the copyright holder opts out would 'scrape the value' out of the sector. Dana Strong, the group chief executive of Sky, compared the proposal to its own battles against TV piracy and said individuals and small companies would not have the experience and financial resources to protect their intellectual property. 'Sky is one of the leading forces in trying to fight against piracy,' she said, speaking at the Deloitte and Enders Media and Telecoms conference. 'As I look ahead to artificial intelligence protecting copyright is a very big issue, and I think some of the consequences of the opt out is impossible to police. If we as a large organisation spend the resource we do fighting for intellectual property rights, I can't fathom how small producers keep up with a change of that nature. It is impossible to head in that direction.' Tim Davie, the director general of the BBC, said the government needs to put protections in place because the industry faces a potential crisis as the consultation drags on. 'If we currently drift in the way we are doing now we will be in crisis,' he said. 'We need to make quick decisions now around areas like … protection of IP. We need to protect our national intellectual property, that is where the value is. What do I need? IP protection, come on let's get on with it.' The industry would like to see an opt-in regime, forcing AI companies to seek permission and strike licensing deals with copyright holders before they can use the content to train their models. In response, the culture secretary, Lisa Nandy, sought to allay fears and said she and Peter Kyle, the technology secretary, would begin roundtable discussions with the creative industries to ensure legislation does not harm the sector. 'We have heard you loud and clear,' she told the 800 attendees at the conference. 'We are determined to find a way forward that works for the creative industry and creators as well as the tech industries. The issue of AI and copyright needs to be properly considered and enforceable legislation drafted with the inclusion, involvement and experience of both creatives and technologists.' Last month, the government faced accusations of being too close to big tech after analysis showed Kyle and his department met people close to, or representing the sector, 28 times in a six month period. The government has already drawn up some concessions - including promising to carry out an economic impact assessment of its proposed copyright changes, and to publish reports on issues including transparency, licensing and access to data for AI developers - following a backlash from some of the UK's best-known creators, including Elton John and Paul McCartney. 'We approach you with no preferred option in mind,' Nandy said. 'We are a Labour government, and the principle [that] people must be paid for their work is foundational. You have our word that if it doesn't work for the creative industries, it will not work for us.'
BBC News
2 days ago
- BBC News
Ukrainecast How has the ‘Spider Web' drone attack hurt Russia?
On Sunday, more than 100 Ukrainian drones struck air bases deep inside Russia. According to some estimates, the operation dubbed 'Spider Web' may have successfully damaged or destroyed up to a third of Russia's fleet of strategic bombers. So what impact might this have on its aerial capability? We're joined in the studio by Major General Jonathan Shaw, former Assistant Chief of the UK's Defence Staff. And with Ukraine's drone industry in the spotlight, we speak to Kseniia Kalmus, a drone manufacturer who co-founded a volunteer-led workshop in Kyiv. Today's episode is presented by Victoria Derbyshire and James Waterhouse. The producers were Laurie Kalus and Nik Sindle. The technical producer was Philip Bull. The series producer is Tim Walklate. The senior news editor is Sam Bonham. Email Ukrainecast@ with your questions and comments. You can also send us a message or voice note via WhatsApp, Signal or Telegram to +44 330 1239480 You can join the Ukrainecast discussion on Newscast's Discord server here:
